<?php
class AdminControl extends CommonControl{
	
	function loginAction(){
		$this->display('admin.login.html');
	}
	function doLoginAction(){
		$login_msg = '';
		// 去除特殊字符
		$user_name = stripslashes(trim($_POST['user_name']));
		$user_name = preg_replace("/$#([0-9+]);/", "-", $user_name);
		$user_name = str_replace("|", "&#124;", $user_name);
		$user_pass = $_POST['user_pass'];
		//$code = trim($_POST['safecode']);
		
		if (empty($user_name) || empty($user_pass)){
			$login_msg = 'Need name and password!';
		}
		/* if (empty($code)){
			$login_msg = 'identifying code error';
		}else{
			if (md5($code) != $_SESSION['check']['mdfivevalue']){
				$login_msg .= 'identifying code error';
			}
		} */
		if ($login_msg != ""){
			$this->out['login_msg'] = $login_msg;
			$this->display('admin.login.html');
			return false;
		}
		
		$user_model = D('user');
		$user_info = $user_model->getUserInfo($user_name);
		
		if ($user_info['user_pass'] != md5($user_pass)){
			$login_msg = 'password error';
			$this->out['login_msg'] = $login_msg;
			$this->display('admin.login.html');
			return false;
		}
		
		// 登陆成功，设置SESSION
		$_SESSION['user'] = $user_info;
		$privileges = trim(str_replace('|', ',', trim($user_info['user_privileges'])), ',');
		
		// 获取父权限
		$privilege_data = $user_model->getParentPrivileges($privileges);
		$privilege_str = '';
		if (!empty($privilege_data)){
			foreach($privilege_data as $p){
				$privilege_str .= $p['pid'] . ',';
			}
			$privilege_str = rtrim($privilege_str, ',');
		}
		$_SESSION['privilege_parent'] = $privilege_str;
		$_SESSION['privilege_info'] = $privileges;
		$this->redirect(DOMAIN);
	}
	function logoutAction(){
		unset($_SESSION['user']);
		unset($_SESSION['privilege_parent']);
		unset($_SESSION['privilege_info']);
		$this->display('admin.login.html');
	}
	// 添加管理员页面
	function addAction(){
		$user_model = D('user');
		//获取后台编辑菜单
		$data = $user_model->getParPrivileges();
		if (!empty($data)){
			foreach($data as $k => $p){
				$menu = $user_model->getChrPrivleges($p['id']);
				$data[$k]['menus'] = $menu;
			}
		}
		//获取用户管理角色
		$role = $user_model->getRoleInfo();
		
		$this->out['data'] = $data;
		$this->out['role'] = $role;

		$this->display('admin.add.html');
	}
	// 添加管理员
	function insertAction(){
		$priv = '';
		$role = 0;
		$is_admin = trim($_POST['is_admin']);
		if ($is_admin == 1){
			$group_sql = "SET group_concat_max_len = 2000";
			$this->db->query($group_sql);
			$sql = "SELECT GROUP_CONCAT(id SEPARATOR '|') AS priv FROM admin_privilege";
			$priv_arr = $this->db->getRecord($sql);
			$priv = $priv_arr['priv'];
		}else{
			$is_admin = 0;
			//获取角色
			$role = $_POST['role'];
			if($role == 0){
				$this->alert('请选择部门');
				return;
			}
			$priv = $_POST['priv'];
			$priv = implode("|", $priv);
		}
		if (!M()->db->getRecord("select user_id from admin where user_name='{$_POST['user_name']}'")){
			$ok = 0;
			$arr = array();
			$arr['user_name'] = $_POST['user_name'];
			$arr['user_pass'] = md5($_POST['user_pass']);
			$arr['user_privileges'] = $priv;
			$arr['role_id'] = $role;
			$arr['is_admin'] = $is_admin;
			
			$ret = M()->db->addRecord("admin", $arr);
			if ($ret !== FALSE){
				$this->pinfo('User ' . $_POST['user_name'] . ' added successfully!');
				$this->pmain(DOMAIN . "?act=admin.adminlist");
				$ok = 1;
				exit();
			}
			if (!$ok)
				$this->pinfo('User added failed, plase try later');
		}else{
			$this->pinfo('User ' . $_POST['user_name'] . ' exists!');
		}
	}
	
	// 管理员列表页面
	function adminlistAction(){
		$this->page_size = 5;
		$page = isset($_GET['page']) ? $_GET['page'] : 1;
		$page = is_numeric($page) ? ($page > 0 ? $page : 1) : 1;
		
		$array = M()->db->getRecordsByPage($page, $this->page_size, "SELECT a.*,ar.role_name FROM admin as a left join admin_role as ar on a.role_id=ar.role_id ORDER BY user_id");
		
		foreach($array['data'] as $key => $val){
			$priv = array();
			if (!empty($val['user_privileges'])){
				$privArr = explode("|", $val['user_privileges']);
				if (empty($privArr)){
					$privArr[] = $val['user_privileges'];
				}
				if (!empty($privArr)){
					$priv = M()->db->getRecords("select * from admin_privilege where id in (" . implode(",", $privArr) . ")");
					$array['data'][$key]['privileges'] = $priv;
				}
			}
		}
		$this->out['pageCount'] = $array['pageCount'];
		$this->out['page'] = $array['page'];
		$this->out['pageDisplay'] = $this->pageDisplay;
		$this->out['data'] = $array['data'];
		$this->out['href'] = DOMAIN . '?act=admin.adminlist';
		$this->out['pagestring'] = $this->fetch("all.pages.html");
		$this->display('admin.adminlist.html');
	}
	
	// 修改用户权限
	function editAction(){
		$user_id = $_GET['user_id'];
		if (empty($user_id) || !is_numeric($user_id)){
			$this->alert('用户id必须是数字');
			return;
		}
		
		$user_model = D('user');
		$user = $user_model->getUserInfoById($user_id);
		$userPriv = array();
		if (!empty($user['user_privileges'])){
			$userPriv = explode("|", $user['user_privileges']);
		}
		
		$data = $user_model->getParPrivileges();
		
		if (!empty($data)){
			foreach($data as $k => $p){
				$menu = $user_model->getChrPrivleges($p['id']);
				if (!empty($menu)){
					foreach($menu as $km => $kv){
						if (in_array($kv['id'], $userPriv))
							$menu[$km]['check'] = "checked";
					}
				}
				$data[$k]['menus'] = $menu;
			}
		}
		
		//获取角色
		$role_data = $user_model->getRoleInfo();
		foreach ($role_data as $krd=>$vrd){
			if($vrd['role_id'] == $user['role_id']){
				$role_data[$krd]['checked'] = 1;
			}
		}
		
		$this->out['data'] = $data;
		$this->out['page'] = empty($_GET['page']) ? 1 : intval($_GET['page']);
		$this->out['userinfo'] = $user;
		$this->out['role_data'] = $role_data;
		$this->display('admin.edit.html');
	}
	
	// do修改用户权限
	function updateAction(){
		
		$user_id = $_POST['user_id'];
		if (empty($user_id) || !is_numeric($user_id)){
			$this->alert('用户id必须是数字');
			return;
		}
		$priv = $_POST['priv'];
		$priv = implode("|", $priv);
		$pass = empty($_POST['password']) ? '' : trim($_POST['password']);
		$arr = array();
		$arr['user_privileges'] = $priv;
		$arr['is_admin'] = $_POST['is_admin'];
		$arr['role_id'] = $_POST['role'];
		
		if(empty($_POST['is_admin']) && empty($_POST['role'])){
			$this->alert('请选择部门');
			return;
		}
		
		if (!empty($pass)){
			$arr['user_pass'] = md5($pass);
		}
		if (count($arr) > 0){
			M()->db->updateRecord("admin", "user_id=$user_id", $arr);
		}
		$_GET['page'] = $_POST['page'];
		$this->adminlistAction();
	}
	
	// 删除用户
	function removeAction(){
		if (empty($_GET['user_id']) || !is_numeric($_GET['user_id'])){
			$this->alert('用户id必须是数字');
			return;
		}
		$del_sql = "delete from admin where user_id={$_GET['user_id']}";
		M()->execute($del_sql);
		$this->pinfo('User ' . $_GET['user_id'] . ' deleted successfully!');
		$this->adminlistAction();
	}
}